1215bd4ea9
This reverts commit d6e0d38b84a00b2ab05324b69e3253d956bb5be7. We need shorter secrets to continue working, since the earlier recommendation was too short and there's no way to rotate the them.
155 lines
5.5 KiB
Nix
155 lines
5.5 KiB
Nix
# This test runs gitlab and checks if it works
|
|
|
|
let
|
|
initialRootPassword = "notproduction";
|
|
in
|
|
import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
|
|
name = "gitlab";
|
|
meta = with pkgs.lib.maintainers; {
|
|
maintainers = [ globin ];
|
|
};
|
|
|
|
nodes = {
|
|
gitlab = { ... }: {
|
|
imports = [ common/user-account.nix ];
|
|
|
|
virtualisation.memorySize = if pkgs.stdenv.is64bit then 4096 else 2047;
|
|
systemd.services.gitlab.serviceConfig.Restart = mkForce "no";
|
|
systemd.services.gitlab-workhorse.serviceConfig.Restart = mkForce "no";
|
|
systemd.services.gitaly.serviceConfig.Restart = mkForce "no";
|
|
systemd.services.gitlab-sidekiq.serviceConfig.Restart = mkForce "no";
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
virtualHosts = {
|
|
localhost = {
|
|
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
|
};
|
|
};
|
|
};
|
|
|
|
services.dovecot2 = {
|
|
enable = true;
|
|
enableImap = true;
|
|
};
|
|
|
|
systemd.services.gitlab-backup.environment.BACKUP = "dump";
|
|
|
|
services.gitlab = {
|
|
enable = true;
|
|
databasePasswordFile = pkgs.writeText "dbPassword" "xo0daiF4";
|
|
initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;
|
|
smtp.enable = true;
|
|
extraConfig = {
|
|
incoming_email = {
|
|
enabled = true;
|
|
mailbox = "inbox";
|
|
address = "alice@localhost";
|
|
user = "alice";
|
|
password = "foobar";
|
|
host = "localhost";
|
|
port = 143;
|
|
};
|
|
pages = {
|
|
enabled = true;
|
|
host = "localhost";
|
|
};
|
|
};
|
|
secrets = {
|
|
secretFile = pkgs.writeText "secret" "Aig5zaic";
|
|
otpFile = pkgs.writeText "otpsecret" "Riew9mue";
|
|
dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
|
|
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript = { nodes, ... }:
|
|
let
|
|
auth = pkgs.writeText "auth.json" (builtins.toJSON {
|
|
grant_type = "password";
|
|
username = "root";
|
|
password = initialRootPassword;
|
|
});
|
|
|
|
createProject = pkgs.writeText "create-project.json" (builtins.toJSON {
|
|
name = "test";
|
|
});
|
|
|
|
putFile = pkgs.writeText "put-file.json" (builtins.toJSON {
|
|
branch = "master";
|
|
author_email = "author@example.com";
|
|
author_name = "Firstname Lastname";
|
|
content = "some content";
|
|
commit_message = "create a new file";
|
|
});
|
|
|
|
# Wait for all GitLab services to be fully started.
|
|
waitForServices = ''
|
|
gitlab.wait_for_unit("gitaly.service")
|
|
gitlab.wait_for_unit("gitlab-workhorse.service")
|
|
gitlab.wait_for_unit("gitlab-pages.service")
|
|
gitlab.wait_for_unit("gitlab-mailroom.service")
|
|
gitlab.wait_for_unit("gitlab.service")
|
|
gitlab.wait_for_unit("gitlab-sidekiq.service")
|
|
gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitlab.socket")
|
|
gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in")
|
|
'';
|
|
|
|
# The actual test of GitLab. Only push data to GitLab if
|
|
# `doSetup` is is true.
|
|
test = doSetup: ''
|
|
gitlab.succeed(
|
|
"curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in"
|
|
)
|
|
gitlab.succeed(
|
|
"${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2"
|
|
)
|
|
gitlab.succeed(
|
|
"echo \"Authorization: Bearer \$(curl -X POST -H 'Content-Type: application/json' -d @${auth} http://gitlab/oauth/token | ${pkgs.jq}/bin/jq -r '.access_token')\" >/tmp/headers"
|
|
)
|
|
'' + optionalString doSetup ''
|
|
gitlab.succeed(
|
|
"curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${createProject} http://gitlab/api/v4/projects"
|
|
)
|
|
gitlab.succeed(
|
|
"curl -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${putFile} http://gitlab/api/v4/projects/1/repository/files/some-file.txt"
|
|
)
|
|
'' + ''
|
|
gitlab.succeed(
|
|
"curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.gz > /tmp/archive.tar.gz"
|
|
)
|
|
gitlab.succeed(
|
|
"curl -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.bz2 > /tmp/archive.tar.bz2"
|
|
)
|
|
gitlab.succeed("test -s /tmp/archive.tar.gz")
|
|
gitlab.succeed("test -s /tmp/archive.tar.bz2")
|
|
'';
|
|
|
|
in ''
|
|
gitlab.start()
|
|
''
|
|
+ waitForServices
|
|
+ test true
|
|
+ ''
|
|
gitlab.systemctl("start gitlab-backup.service")
|
|
gitlab.wait_for_unit("gitlab-backup.service")
|
|
gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/backup/dump_gitlab_backup.tar")
|
|
gitlab.systemctl("stop postgresql.service gitlab.target")
|
|
gitlab.succeed(
|
|
"find ${nodes.gitlab.config.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +"
|
|
)
|
|
gitlab.succeed("systemd-tmpfiles --create")
|
|
gitlab.succeed("rm -rf ${nodes.gitlab.config.services.postgresql.dataDir}")
|
|
gitlab.systemctl("start gitlab-config.service gitlab-postgresql.service")
|
|
gitlab.succeed(
|
|
"sudo -u gitlab -H gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=dump force=yes"
|
|
)
|
|
gitlab.systemctl("start gitlab.target")
|
|
''
|
|
+ waitForServices
|
|
+ test false;
|
|
})
|